Directorates General for "Regional Policy", "Employment, Social Affairs and Equal Opportunities", "Agriculture and Rural Development" and "Fisheries and Maritime Affairs" J OINT A UDIT STRATEGY FOR S TRUCTURAL A CTIONS 2007-2009

1. I NTRODUCTION This document outlines the audit strategy proposed for each of the Structural Funds and the Cohesion Fund for the 2007-2009 period, setting out the main objectives, the risks identified and the actions to be undertaken to address these risks. The document has been prepared jointly by the audit units of the four Directorates-General responsible for the audit of the Structural Funds and the Cohesion Fund (SF DGs) and covers the European Regional Development Fund (ERDF), the European Social Fund (ESF), the European Agricultural Guidance and Guarantee Fund (EAGGF) guidance section, the Financial Instrument for Fisheries Guidance (FIFG), the Cohesion Fund (CF) and the Instrument for Pre-Accession Assistance (IPA). The joint audit strategy was issued for the first time in 2005 following the recommendation from the Commission communication of August 2004 1 on specific actions to promote coherent audit methodologies between the Commission services working in the framework of shared management. The objective is to synchronise audit strategies between the Funds as far as possible and promote a common approach, so that there is a coherent focus for the audit work. This will have particular relevance for the work of assessing the management and control systems established by the new Member States, the preparation for the closure of the 2000-2006 programming period, and the arrangements for the programming period 2007-2013. The audit strategy is reviewed and updated annually, as necessary. 1.1. Audit strategies under shared management For the part of the Community budget implemented under shared management, the Member States are principally responsible for setting up management and control systems which are in compliance with Community requirements, for verifying that the systems function effectively through audits by designated bodies, and for making financial corrections. The Commission nevertheless remains ultimately responsible for the execution of the budget. It must therefore seek reasonable assurance that the systems for management and control of Community funds established in the Member States are in conformity with the Community regulations and function so as to provide sound financial management. For this purpose audits are carried out in the Member States by the Commission services themselves or by private audit firms working under the Commission’s supervision. Given the multi-annual nature of the structural instruments, the large number of authorities responsible for their implementation in the Member States, and the limited audit resources available to the Commission, not all areas will be audited each year nor over the entire programming period, by the Commission itself. It is therefore necessary to adopt a medium-term strategy for seeking reasonable assurance concerning the legality and regularity of the claims paid, for determining the significance of the risks when this assurance cannot be attained, and for recovering irregular expenditure.

1 C (2004) 3115

3

1.2. Legal Framework Article 274 of the Treaty stipulates that the Commission shall implement the budget under its own responsibility. The Member States co-operate with the Commission to ensure that appropriations are used in accordance with the principles of sound financial management.Currently, the audit strategy covers three programme periods, 1994-1999, 2000-2006 and 2007-2013, which are governed by three different sets of regulations (Council Regulations 1260/1999 (Structural Funds) and 1164/94 (Cohesion Fund), as amended 2 , the corresponding Commission Regulations 438/2001 and 1386/2002 3 for the current period and Council Regulation 1083/2006 and Commission Regulation 1828/2006 for the new period). Theregulations require the Commission to review the management and control systems presented by the Member States and, in cooperation with the Member States, to verify the effective functioning of these management and control systems, inter alia by undertaking on-spot-checks for this purpose. The Commission must satisfy itself that these systems meet the standards required by the Council and Commission regulations, and make known any obstacles which they present to the transparency of checks and to the Commission’s discharge of its responsibilities under Article 274 of the Treaty. 1.3. Methodology The audits are carried out in accordance with the guidelines in the audit manuals of the Structural Funds and the Cohesion Fund. International auditing standards, as issued by the International Federation of Accountants (IFAC) or the International Organization of Supreme Audit Institutions (INTOSAI), are taken into account as much as possible, in order to ensure general compliance. The Structural Fund audit manual will be revised for the new regulations  see section 4 for further details. 1.4. Reporting Communication of the results of the audit work is done through various means to the interested parties. Audit reports are the main output. An audit report includes a description of the audit testing performed, the findings following an audit mission, generally gives an opinion, and sets out the basis for corrective actions, as recommended by the responsible Directorate General. The follow-up process subsequent to the issue of the audit report is equally important since it includes recommendations (or, in the case of major weaknesses, action plans) specific to the Member State on correcting major deficiencies in their management and control systems. The Member States also receive 2 Article 38(2) of Council Regulation (EC) No 1260/1999 of 21 June 1999 laying down general provisions on the Structural Funds (OJ L 161, 26/06/1999, p.1) as amended and Article 12(2) of Council Regulation (EC) No 1164/94 of 16 May 1994 establishing a Cohesion Fund (OJ L 130, 25/05/1994, p.1), as amended. 3 Article 6 of Commission Regulation (EC) No 438/2001 of 2 March 2001 laying down detailed rules for the implementation of Council Regulation (EC) No 1260/1999 as regards the management and control systems for assistance granted under the Structural Funds (OJ L 063, 03/03/2001, p.21), as amended and Article 5 of Commission Regulation (EC) No 1386/2002 of 29 July 2002 laying down detailed rules for the implementation of Council Regulation (EC) No 1164/94 as regards the management and control systems for assistance granted from the Cohesion Fund and the procedure for making financial corrections (OJ L 201, 31/07/2002, p.5). 4

timely feedback on the submission of their annual control reports concerning the programming period 2000-2006 4 . At the end of each year an assessment is made based on the audit work of the Directorates General, the results of the analysis of the annual control reports of the Member States, information from audit reports received from the national audit bodies, and from audits of the European Court of Auditors and other Structural Funds DGs, and the up-to-date information obtained from the last bilateral meetings with protocol partners. This assessment of the functioning of the management and control systems will provide conclusions as to whether there are significant deficiencies. Therefore, this assessment is an essential part of the input to enable the Structural Funds DGs to provide assurance annually on the expenditure for which they are responsible. 1.5. Budget The Structural Fund DGs, along with the responsible authorities in the Member States and beneficiary countries, manage slightly more than one-third of the Community budget. Financial Resources for operational expenditure in 2007 (in (€) payment appropriations): Activity/FundEuropean Regional Development Fund and other regional interventions Cohesion Fund Pre-accession Interventions related to the Structural Policies European Social Fund EAGGF Guidance FIFG Total (of financial resources managed by the SF DGs)

1.6. Materiality The audit work takes account of the approach to materiality agreed by the four Directorates General for the purposes of the Annual Activity Report (AAR) and set out in the "Guidelines for assessment of materiality of deficiencies in Member States’ management and control systems under shared management for the purposes of Annual Activity Reports". The concept of materiality is vital to identifying deficiencies to be disclosed in the AAR and determining which ones are significant enough to warrant a reservation. Reservations should be made in respect of significant deficiencies in the systems in the Member States or beneficiary countries where the resulting risk to the Community budget is material. Significant deficiencies are identified on the basis of a qualitative assessment taking account of relevant factors such as whether the deficiency relates to a key control element, the number and duration of such deficiencies, the importance of the systems affected, compensatory measures, the underlying cause of 4 Article 13 of Regulation 438/2001 and Article 12 of Regulation 1386/2002. 5

such deficiencies and corrective and timely actions taken by the Member State. Such deficiencies will be considered “materialwhere the sum of the amounts quantified as “at risk from the cases of significant deficiencyexceeds 2% of the total payments made for the year in question under the ABB (Activity Based Budgeting) activity, or where there are special factors in relation to the qualitative aspects of the deficiencies, or a high level of risk for the budget for a number of preceding years, which give rise to a high reputational risk for the Community institutions.

2. A UDIT OBJECTIVES AND G ENERAL R ISK A SSESSMENT Overall objectives The overall objectives of the activity of the audit units in the Structural Fund Directorates General are to seek reasonable assurance that the management and control systems established and implemented by Member States and beneficiary countries i) comply with requirements of the Community regulations and ii) are functioning effectively to prevent and detect errors and irregularities and assure the legality and regularity of the expenditure declared to the Commission. In the event that deficiencies are identified in the systems, recommendations for remedial actions are made, and suspension of payments and financial corrections could be undertaken. Overall risks The management of structural actions carries an inherent risk since they are delivered by a multiplicity of organisations and systems, and involves hundreds of thousand of diverse operations. Eligibility of expenditure is determined by compliance with rules and conditions fixed at Community and national level which can lead to complexity and risk of misinterpretation. The prime overall risk to the European Commission is that it will fail to obtain the annual discharge for its management of the Funds, by failing to satisfy the discharge authorities that it has properly fulfilled its responsibilities to ensure smooth functioning of systems by the Member States and beneficiary countries, and to initiate financial corrections in case of irregular expenditure. The risk to the Authorising Officer by Sub-Delegation is that he or she will authorise payments in respect of irregular expenditure declared by the Member State or beneficiary country and will not have the reasonable assurance on the underlying transactions as required for the declaration in the Annual Activity Report. The risk presented by each category of expenditure is a function of:  the materiality of the expenditure concerned;  the reliance which can be placed on the Member States’/beneficiary countries’ management and control systems;  the quality and quantity of audits undertaken by the Member States’/beneficiary countries’ audit bodies;  the sensitivity of the sector concerned for the reputation of the DG/Commission; the complexity and nature of operations co-financed.

6

This risk is mitigated by:  sound financial management and control systems;  the certification of the regularity of expenditure by the responsible authority in the Member State or beneficiary country;  the application of the provisions of the Charter of Authorising Officers by Delegation, which sets out the Commission’s responsibilities as regards checks on operations;  in relation to ISPA and IPA, the ex ante controls carried out by the EC delegation ;  exercise of the regulatory framework to suspend payments or to make financial corrections in the light of ex post audit findings;  the effective functioning of the financial circuits of the DG for processing payment claims. In general, systemic risk is minimized by the implementation of a sound audit strategy, which takes account of the risks identified. An audit strategy takes account of the high priority accorded by senior management to the overall risks referred to. The implementation of a sound audit strategy not only provides for the management of identified risks but also should be engendering systemic improvements and this should lead to a reduction of errors.

3. P RIORITIES IN 2007 In the framework of the multi-annual audit strategy, and in a period of cumulative challenges for the Structural Funds audit function, the following five main priorities , outlined in detail in sections 4-8 of this document, are addressed by all the concerned Commission services in 2007: • Commission Action Plan towards an Integrated Internal Control Framework. The Commission services are committed to work towards an integrated audit approach. The Structural Fund DGs have incorporated into their audit work plans for 2007 the specific actions required from the Commission Action Plan. (section 4) • Assurance on the functioning of the management and control systems for the 2000-2006 period. In 2007, audit work will include the follow-up of implementation of recommendations from previous audits carried out, the monitoring of the implementation of specific actions plans agreed with Member States and further audit work to increase coverage 5 in certain Member States, both in terms of systems audits and sample checks. (section 5) • Assurance to be placed on the work of the national audit bodies (winding-up bodies in preparation for closure 2000-2006). A new audit enquiry will examine and assess the audit work of national audit bodies and in particular the winding-up bodies, in order to place reliance in preparation for closure. Themethodology for this new audit enquiry is currently being 5 Coverageis calculated as the value of the contribution of programmes audited as compared to the total contribution.

7

developed jointly between all four SF DGs and the audit work will be coordinated to obtain synergies. (section 6) Assurance on the set-up and the functioning of the management and • control systems for the 2007-2013 period. The overall objectives for 2007 are a) to ensure that the management and control systems are designed according to the new regulatory requirements at the programme negotiations stage and b) to ensure that the new regulatory requirements for the submission of the audit strategy and compliance assessment report are implemented in a correct and timely way. A technical meeting with Member States has been arranged by the Commission for end of March on these topics. (section 7) • Closure of the 1994-99 programming period. All four SF DGs have as the overall objective to finalise any follow-up work and any related financial correction decisions. (section 8)

4. C OMMUNITY I NTEGRATED I NTERNAL C ONTROL F RAMEWORK The Commission Action Plan towards an Integrated Internal Control Framework, adopted on 17 January 2006, sets out a list of 16 concrete actions to be implemented by the Commission services which address weaknesses that have so far prevented the European Court of Auditors from granting the Commission a positive DAS. The implementation of these actions, in cooperation with the Member States, will demonstrate that they have put in place the conditions necessary for the effective control of European Union funds. The Structural Fund DGs are key players in the process. A state-of- play on some of the actions concerning the shared management areas of the budget is as follows: Action 1- Simplification -The DG Regional Policy (DG REGIO), DG Employment, Social Affairs and Equal Opportunities (DG EMPL) and DG Fisheries and Maritime Affairs (DG FISH) have contributed to ensuring that the legal provisions in the Council Regulations and the Commission’s implementing regulations relating to control and audit provide a clearer and more precise framework. In 2007 the Commission will prepare guidance on implementation and provide training to national audit authorities (see action 9). Action 9 -Improved Coordination  The action plan calls for increased coordination of audit work and sharing of audit results between the Commission services and between the Commission and Member States. In fact, the most cost-effective way of making systems effective in preventing and correcting errors in transactions is to integrate the activities of the Commission and the Member States under the "single audit" approach, involving coordination, exchange of information on the results of controls, dissemination of guidance and good practice, and the adoption of common control objectives and standards. Coordination between the Commission and Member States The 2006-07 annual bilateral coordination meetings have been brought forward between 20 November 2006 and 6 March 2007, in order to be able to include any relevant conclusions in the Annual Activity Report. More emphasis is placed in the 8

meetings on the audit strategies, coordination of audit work and methodology issues, such as sampling and materiality. The various funds may also have their own additional meetings with Member States. For example, DG EMPL holds its annual “mutualisation meetings. The objective ofthese meetings is, the same as above, to share audit results with the Member States and therefore the Commission can draw part of its assurance level on systems from the national audit results. In 2006, as annual co-ordination audit meetings had been brought forward, the “mutualisation meetings were generally planned as partof such meetings, usually taking place in Brussels, in order to avoid duplications and to make the best use of audit resources. At last year’s “Homologues’ Groupmeeting in Poland, the Commission undertook to assist the audit authorities for the new programming period by providing more regular technical meetings; for end of March 2007 such a meeting is planned to focus on the compliance assessment and the audit strategy documents to be submitted by the audit authorities within 12 and 9 months of programme adoption. Training will also be offered during 2007 to all Member States on the work of the audit authorities under the new regulations. By improving coordination, the Commission will be able to increase the reliance to be placed on the work of national audit bodies. In this respect, it is intensifying efforts in 2007 and onwards as discussed in actions 14 to 16 below and through the new audit enquiry on the reliance to be placed on the national audit work (section 6). All this is an ongoing activity to promote an integrated internal control framework. Coordination with other Structural Funds The Structural Fund DGs coordinate their strategies to produce the joint audit strategy and are working towards a more complete alignment of audit procedures. In 2006 the database of all national authorities had been completed and the DGs had incorporated procedures for informing other services of audits common to all funds, for facilitating the exchange of audit results or for arranging joint audits. For the 2000-2006 programming period, a coordinated audit approach is planned for the enquiry on the reliance to be placed on the national audit bodies in preparation for the closure of programmes (see section 6). A common audit approach will be developed between DG REGIO and DG EMPL for the new programming period, which will begin with the review of the compliance assessment report and the audit strategies in 2007 (see section 7). The planning for the training in the Member States, the technical meetings and the working groups formed on the revision of the SF audit manual and the new enquiry include participants from both the SF DGs. Action 10  Cost of Controls  DG REGIO and DG AGRIassisted DG BUDGET in defining a common methodology for estimating the cost of controls. It was decided to limit this action only to ERDF for the Structural Funds and the EAGGF Guarantee section. Representatives from the DG REGIO launched the exercise end of 2006 and have visited Wales, Portugal and Hungary, who agreed to participate in the pilot phase, to introduce the methodology and explain their role in testing the methodology. It is expected that the launch to all the Member States will take place in April 2007 after which an analysis document will be produced on the costs of controls by end of 2007. Action 14-Guidance - The Commission issued four guidance notes in 2006, - 1) good practices on first level day-to-day management checks, 2) good practices on the certification checks by the paying authority, 3) the guidance note on the recoveries 9

information to be provided by Member States and 4) the closure guidelines for the 2000-2006 period. For 2007, the Structural Fund DGs are committed to producing guidelines on financial corrections for public procurement irregularities, closure of INTERREG programmes and updating the guidance already provided under 1) and 2) above for the new period. Action 15- Contracts of Confidence  The Commissioner of DG REGIO signed the first Contract of Confidence for ERDF with Wales in the Homologues Group meeting in Warsaw on 25 September 2006. A second Contract was signed with Austria in December 2006. At least two other EU15 Member States are potential candidates, as well as two potential candidates among the new Member States. Further audit work will be carried out in 2007 to provide the basis for these arrangements. The promotion of this initiative has driven generally the improvements in the coordination of audit work and has created a bench-marking procedure. The key elements of this initiative have been incorporated in the new Council Regulation 1083/2006 under Article 73. Action 16 -Coordination of audit standards - It is necessary that all Member States perform audit work according to the same generally accepted audit standards. In this respect, a working group to revise the Structural Funds audit manual according to the new regulations, and to introduce the application of international audit standards, has been set up between DG REGIO, DG EMPL and DG FISH. The new manual will act as a point of common reference for all Member States and the Commission services. The Member States will be consulted throughout 2007, either through written procedures or via technical meetings, for their comments on the content of the sections to be included. Furthermore, audit methodologies are discussed in bilateral coordination meetings and national auditors are encouraged to participate in audits performed by the Commission in order to share best practices.

5. A SSURANCE ON THE FUNCTIONING OF THE MANAGEMENT AND CONTROL SYSTEMS IN 2000-2006 5.1. EU25 Specific objectives and risks For the programmes concerning the period 2000-2006, for all the Funds concerned, the risk remains that the management and control systems may still be affected by material weaknesses. In some cases the Commission does not yet have sufficient evidence that deficiencies detected have been satisfactorily remedied, whilst in others coverage of systems is not yet sufficient. Therefore, there is a need for the Commission to increase its assurance. For the ERDF , based on the previous audit work, specific risk areas identified affecting key elements of the systems mainly concern insufficient management verification checks by Management Authorities and/or Intermediate Bodies and deficiencies in the certification and/or audit functions. Other key elements of the system also detected as weak include the separation of functions and inadequate audit trails. In the area of public procurement, the main issues concern irregular complementary works, the misapplication of the selection criteria and problems in tender evaluation. 10

Therefore, there is still a need for the Commission to increase its assurance on the functioning of the management and control systems in a number of Member States. The specific objectives will be, in the light of the residual risk determined for each of the countries concerned, to ensure a timely and adequate implementation of previous recommendations and to verify systems not previously audited and where the risk assessment indicates a high risk. An audit enquiry was started in mid-2004 to examine the effective functioning of key elements of the management and control systems in Member States for mainstream programmes. The audits comprise two phases, a systems audit and an audit of a sample of projects selected on a representative basis. The on-the-spot audit work initially planned has been concluded by end 2006 for EU 15 and will be concluded as at end of June 2007 for EU 10. At the end of 2006, 65 programmes had been audited under the EU15 enquiry -"verification of effective functioning of the systems for 2000-06 period" representing 31% of the number of the mainstream programmes and 50,8% of the planned ERDF contribution. For EU 10, at the end of 2006, 9 programmes had been audited representing 60% of the number of the mainstream programmes and 71,5% of the planned ERDF contribution. For the ESF , concerning EU15, the ESF risk analysis identified a number of ESF programmes, which presented a relatively higher degree of risk meriting closer attention in the form of systems audits. Out of a total of 212 ESF programmes for EU15, more than 160 programmes have been audited between 2002 and 2006. At the end of September 2006 only a few programmes identified as 1 st priority group 6 remain uncovered. These uncovered "high risk programmes" merit to be audited in 2007 in order to verify the compliance of the systems in place, taking into account the possible national audit results. It is worth mentioning that the remaining uncovered programmes for EU 15  outside the high risk areas  cover only a reduced part ofthe total ESF appropriations for EU 15 in 2000 - 2006: at the end of 2006 around 20% of ESF appropriations for 2000/2006 EU 15 have not been audited yet by DG EMPL audit unit (over than 90 programmes, most of them at regional level). The "mutualisation" (sharing) of ESF audit results with the Member States, in an integrated audit approach, allows to draw assurance from national audit results for 44 of these programmes, provided that audit reports are provided to the Commission in due time. This is among others the case for the French, Portuguese and Greek regional programmes, which constitute the bulk of the 2 nd priority group 7 , and for which national audit results have been received and taken into account in determining DG EMPL level of assurance. Some of these programmes will be covered in 2007 and possibly in 2008, with a greater emphasis on substantive testing after a first systems audit, due to the late stage in the 6 high / medium risk - high/ medium value 7 high risk / low value or low risk / high value